Hi, thks for your reply! My modem is a mPCIe so it's inside the case; not a stick. In GUI configuration i've four device, dev/cuaU0, dev/cuaU1, dev/cuaU0.0, dev/cuaU0.1. What's the correct device to select?

That bandwidth graph is useful when trying to correlate throughput and latency. If you configure PFSense correctly, you can dramatically reduce ping spikes.

There wasn't an internet connection involved in the tests shown. The tests were local ethernet only only. The LAN connection involved a switch, but the pfSense to DMZ host latency is literally just over a cross connect. No bridging was involved in the graphs I posted, but for what it's worth, I've also tested in a bridged LAN setup and it appears to have no impact, positive or negative. The distro of Linux is Gentoo. Over the course of several weeks other tests were run to individually check latency of the various components involved, switch, mulitple hosts, etc. The sawtooth with pfSense was consistent throughout.

and you ran out of crayons and a napkin? DRAW IT DUDE!!! Use gliffy if you want - its free.. if you have your router in front of pfsense, and its routing other vlans… Why do you have all those rules on pfsense lan interface??  POINTLESS... When would traffic come into pfsense lan interface from those networks?? DRAW IT!!! So your vlans off your cisco that is is connected to the internet can not get to the internet?  How does that have anything in the world to do with pfsense?  And how is pfsense being your firewall if your routing traffic off your cisco?  So you have pfsense in front of your cisco???  Then you need to connect cisco to pfsense with transit.. Create routes on pfsense to the downstream networks. your cisco has ip route 0.0.0.0 0.0.0.0 192.168.80.1 Where is that connected to pfsense???  Is that your pfsense lan which you want to use as transit?  Is there anything else on this lan?  Create routes on pfsense to all the downstream networks, also if pfsense connected to internet your going to have to have it nat all those downstream networks to its wan IP.. Since all your network are 192.168 would be easier to just summarize it use say 172.16.0.0/30 as your transit on pfsense lan.  Then you only need one route and one outbound nat rule. Normally downstream would be done with a transit network see attached.  Create a gateway on pfsense pointing to router interface on the transit for all your network or summarize.  Set your outbound nat to nat those networks as well.  And sure create allow on that transit interface for the downstream networks..  Any Any would be easiest.  Vs adding all of them individual [image: downstream.png] [image: downstream.png_thumb]

Hi, Yes indeed this is not the correct parameter. :-( I can't figure out which parameter to use. But this is a freebsd question. Thanks a lot. At least I have the confirmation where this parameter should be added on a pfsense box. Cheers.

How can I use squid as a transparent proxy ?  one of the groups use console applications that require internet access and there is no option to configure proxy for them

Not sure if this will apply.  If you are running 2012 server and desktops are 8.1 or newer, and last but not least your domain controller is across a VPN tunnel you can now use a feature in which even though the printer share is setup on the remote machine,  printing is done directly to the printer. Also maybe I missed it but is the printer USB or network capable?

With the ISP router which is doing NAT (1) and the pfSense is doing also NAT (2) and on top the other firewall is doing also NAT (3) you were creating a triple NAT situation and related to this this your problems exists. You have two choices to get rid of this issue. Set the ISP router to the so called "bridge mode" that the router is only acting as a pure modem if this able to realize, it would be the fastest and most stable way. Or buy a plain and pure modem. Cons: no Pros: You have then only created a double NAT situation with which you can live. Or you should bridge the LAN port from the ISP router to the WAN port from the pfSense firewall as suggest from @viragomann, that pfSense is acting as a fully transparent firewall then. Cons: Port flapping, packet loss or packet drops Pros: fully transparent firewall which is invisible

https://forum.pfsense.org/index.php?topic=107947.0 I had a TOPIC there and thanks to johnpoz  he found the problem wich is from the ISP dns

I agree about using ubiquiti unifi.  You can't beat the price point!  If you are in US you can get best price from Amazon.

Yeah I missed that in your screenshot. Sorry. Glad you found it.

You only have TCP traffic enabled.  What about UDP?  You can get rid of rules 1 and rule 2, unless you run IP6 traffic on your network.  Edit rule 3 so that it's using wildcard for everything and any for protocol.  You say you can ping websites but not access them.  Can you resolve any hostnames?  Is DNS working properly?

pfSense is based on FreeBSD (10.x and climbing now) so that's where your hardware requirements will come from. Usually they imply some kind of x86 processor and NIC interfaces, not sure if your device fits that bill. What are you hoping to do with pfSense?